Chapter 23. Partners and Suppliers

In This Chapter

  • Assessing the risks of third-party suppliers and partners

  • Setting up security audits for third parties

  • Identifying data threats from providers of software as a service

  • Weighing the risks of Service Oriented Architectures

  • Asking your potential suppliers and partners about security issues

It's a scary thought, but more than 12 percent of data breaches occur through the efforts (or lack of effort) contributed by partners and suppliers. In effect, even if the breach isn't your fault directly, you could still end up as front-page news — only because your customers' data has been lost (or found) by a partner or supplier. People never remember the intermediary, but they always remember you!

Note

A government department had outsourced its data processing to a third party on a different continent. Unfortunately the data was lost. No one even remembers the name of the third party. What they remember is that the government had, once more, lost information. Worse, this particular citizens' government had already outsourced its data processing before people started to ask why their data was being processed on a completely different continent. (Ouch!)

Preventing Data Loss by Third Parties

You have enough of a struggle to keep your own information under control — let alone trying to control some other organizations' stuff. But the need can't be ignored. Third parties are a major cause of data loss.

As with all service agreements, you have to agree on what ...

Get Data Leaks For Dummies® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.